Fix CVE-2016-6318.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318
Patch copied from Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6318
https://bugzilla.redhat.com/attachment.cgi?id=1188599&action=diff
It is not safe to pass words longer than STRINGSIZE further to cracklib
so the longbuffer cannot be longer than STRINGSIZE.
diff -up cracklib-2.9.0/lib/fascist.c.longgecos cracklib-2.9.0/lib/fascist.c
--- cracklib-2.9.0/lib/fascist.c.longgecos 2014-02-06 16:03:59.000000000 +0100
+++ cracklib-2.9.0/lib/fascist.c 2016-08-08 12:05:40.279235815 +0200
@@ -515,7 +515,7 @@ FascistGecosUser(char *password, const c
char gbuffer[STRINGSIZE];
char tbuffer[STRINGSIZE];
char *uwords[STRINGSIZE];
- char longbuffer[STRINGSIZE * 2];
+ char longbuffer[STRINGSIZE];
if (gecos == NULL)
gecos = "";
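Review bot: The new `char longbuffer[STRINGSIZE];` declaration carries no comment explaining why it was halved, and its safety now depends entirely on every later write to it being length-checked first. The reason is only in the patch description (words longer than STRINGSIZE must not be passed on to cracklib); a one-line comment at the declaration stating that invariant would keep a future edit from restoring the larger size or adding an unguarded strcpy/strcat into this buffer.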
@@ -596,38 +596,47 @@ FascistGecosUser(char *password, const c
{
for (i = 0; i < j; i++)
{
- strcpy(longbuffer, uwords[i]);
- strcat(longbuffer, uwords[j]);
-
- if (GTry(longbuffer, password))
+ if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE)
{
- return _("it is derived from your password entry");
- }
-
- strcpy(longbuffer, uwords[j]);
- strcat(longbuffer, uwords[i]);
+ strcpy(longbuffer, uwords[i]);
+ strcat(longbuffer, uwords[j]);
- if (GTry(longbuffer, password))
- {
- return _("it's derived from your password entry");
+ if (GTry(longbuffer, password))
+ {
+ return _("it is derived from your password entry");
+ }
+
+ strcpy(longbuffer, uwords[j]);
+ strcat(longbuffer, uwords[i]);
+
+ if (GTry(longbuffer, password))
+ {
+ return _("it's derived from your password entry");
+ }
}
- longbuffer[0] = uwords[i][0];
- longbuffer[1] = '\0';
- strcat(longbuffer, uwords[j]);
-
- if (GTry(longbuffer, password))
+ if (strlen(uwords[j]) < STRINGSIZE - 1)
{
- return _("it is derivable from your password entry");
+ longbuffer[0] = uwords[i][0];
+ longbuffer[1] = '\0';
+ strcat(longbuffer, uwords[j]);
+
+ if (GTry(longbuffer, password))
+ {
+ return _("it is derivable from your password entry");
+ }
}
- longbuffer[0] = uwords[j][0];
- longbuffer[1] = '\0';
- strcat(longbuffer, uwords[i]);
-
- if (GTry(longbuffer, password))
+ if (strlen(uwords[i]) < STRINGSIZE - 1)
{
- return _("it's derivable from your password entry");
+ longbuffer[0] = uwords[j][0];
+ longbuffer[1] = '\0';
+ strcat(longbuffer, uwords[i]);
+
+ if (GTry(longbuffer, password))
+ {
+ return _("it's derivable from your password entry");
+ }
}
}
}
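Review bot: The three new guards compare against the STRINGSIZE macro (`strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE`, `strlen(uwords[j]) < STRINGSIZE - 1`, `strlen(uwords[i]) < STRINGSIZE - 1`) while the copies themselves remain unbounded strcpy/strcat, so the bound is correct only as long as the declaration of longbuffer stays exactly STRINGSIZE. The arithmetic is right for the buffer as declared in this patch (both words plus the NUL fit, and one initial character plus a word plus the NUL fit), but writing the checks against `sizeof(longbuffer)` would tie them to the buffer rather than to a constant that can drift. Combinations that fail a guard are skipped silently; a short comment saying this is intentional, because such a word could not be handed to GTry anyway, would help the next reader.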
2022-06-10 | doc: Update example of a minimalistic home environment....* doc/he-config-bare-bones.scm: Adjust example according to changes in
bash-service-type and home-files-service-type.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| Andrew Tropin |
2021-10-09 | Move (gnu home-services) to (gnu home services)....* gnu/home-services.scm (%guix-home-root-directory): Replace
gnu/home-services.scm with "gnu/home/services.scm".
Rename to gnu/home/services.scm.
* gnu/local.mk
(GNU_SYSTEM_MODULES): Rename gnu/home-services.scm to gnu/home/services.scm.
* doc/he-config-bare-bones.scm:
Replace (gnu home-services) with (gnu home services).
* gnu/home.scm: Same.
* gnu/home/services/fontutils.scm: Same.
* gnu/home/services/mcron.scm: Same.
* gnu/home/services/shells.scm: Same.
* gnu/home/services/shepherd.scm: Same.
* gnu/home/services/symlink-manager.scm: Same.
* gnu/home/services/xdg.scm: Same.
* guix/scripts/home.scm: Same.
* guix/self.scm: Same.
| Oleg Pykhalov |
2021-10-08 | gnu: Move (gnu home-services) to (gnu home services)....* gnu/home-services/configuration.scm: Move the content ...
* gnu/home/services/configuration.scm: ... here.
* doc/guix.texi:
Replace (gnu home-services mcron) with (gnu home services mcron).
Replace (gnu home-services) with (gnu home services).
* gnu/home.scm:
Replace (gnu home-services fontutils) with (gnu services fontutils).
Replace (gnu home-services shells) with (gnu home services shells).
Replace (gnu home-services symlink-manager) with
(gnu home services symlink-manager).
Replace (gnu home-services xdg) with (gnu home services xdg).
* gnu/home-services/fontutils.scm: Rename to gnu/services/fontutils.scm.
* gnu/home-services/mcron.scm: Move to gnu/home/services/mcron.scm.
Replace (gnu home-services shepherd) with (gnu home services shepherd).
* gnu/home-services.scm (%service-type-path):
Search home services in "gnu/services".
* gnu/home-services/shells.scm: Replace (gnu home-services configuration) with
(gnu home services configuration).
Rename to gnu/home/services/shells.scm.
Replace (gnu home-services utils) with (gnu home services utils).
* gnu/home-services/shepherd.scm: Move to gnu/home/services/shepherd.scm.
* gnu/home-services/symlink-manager.scm:
Rename to gnu/home/services/symlink-manager.scm.
* gnu/home-services/utils.scm: Rename to gnu/home/services/utils.scm.
* gnu/home-services/xdg.scm: Rename to gnu/home/services/xdg.scm.
* guix/scripts/home/import.scm:
Replace (gnu home-services bash) with (gnu home services bash).
* gnu/home-services.scm: Update documentation string.
* doc/he-config-bare-bones.scm:
Apply new (gnu home-services ...) modules location.
* gnu/local.mk (GNU_SYSTEM_MODULES): Same.
| Oleg Pykhalov |
2021-09-09 | doc: Add Guix Home documentation....* doc/guix.texi: Add Guix Home documentation.
* doc/he-config-bare-bones.scm: New file.
Signed-off-by: Oleg Pykhalov <go.wigust@gmail.com>
| Andrew Tropin |